
Abuse of Service Permissions to Hide Services Via Set-Service

Sigma Rules

Summary
This detection rule targets misuse of the PowerShell cmdlet `Set-Service` to change a service's permissions, specifically by setting a `SecurityDescriptor` that hides the service from standard service utilities such as `sc.exe` and `Get-Service`. A service that is hidden from normal visibility can serve as a persistence mechanism for malicious actors or unauthorized users and can support further privilege escalation within a Windows environment.

The rule is particularly relevant in PowerShell 7 environments. Its detection logic monitors process creation events for command lines that indicate `Set-Service` being invoked with particular parameters: the condition fires when all criteria in the detection section match, including the check for the PowerShell executable and the command line arguments that denote an attempt to change service visibility.

False positives are acknowledged for legitimate scenarios in which administrators intentionally hide services. The rule contributes to a robust security posture by identifying potentially malicious activity that abuses service permissions to evade users and security tooling.
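The following is an added example, not the Sigma rule itself or any project code: it approximates the detection logic described above over constructed process-creation events and, as a triage aid, lists any access-denied ACEs in the supplied DACL. It assumes the parameter the rule keys on is `-SecurityDescriptorSddl` (the PowerShell 7 parameter; the summary only says `SecurityDescriptor`) and that events carry Sysmon-style `Image` and `CommandLine` fields.

```python
import re

# Process-creation events, constructed for this example (not real telemetry).
# Field names follow the Sysmon / Sigma process_creation convention.
EVENTS = [
    {"Image": r"C:\Program Files\PowerShell\7\pwsh.exe",
     "CommandLine": "pwsh.exe -NoProfile -Command \"Set-Service -Name UpdSvc "
                    "-SecurityDescriptorSddl 'D:(D;;GA;;;WD)(A;;CCLCSWRPWPDTLOCRRC;;;SY)'\""},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -Command \"Set-Service -Name Spooler -StartupType Disabled\""},
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c echo Set-Service -SecurityDescriptorSddl D:(A;;GA;;;SY)"},
]

# pwsh.exe is the PowerShell 7 host; powershell.exe is included defensively.
POWERSHELL_IMAGES = ("\\pwsh.exe", "\\powershell.exe")
# Assumed parameter name (PowerShell 7); the rule summary only says "SecurityDescriptor".
SDDL_ARG_RE = re.compile(r"-SecurityDescriptorSddl\s+['\"]?([^'\"\s]+)", re.IGNORECASE)
# SDDL DACL: "D:" + optional flags + one or more "(type;flags;rights;objguid;inhguid;sid)" ACEs.
DACL_RE = re.compile(r"D:([A-Z]*)((?:\([^)]*\))+)")
ACE_RE = re.compile(r"\(([^;]*);([^;]*);([^;]*);[^;]*;[^;]*;([^)]*)\)")


def deny_aces(sddl):
    """Return (rights, trustee) for every access-denied ACE in the DACL of an SDDL string."""
    m = DACL_RE.search(sddl)
    if not m:
        return []
    return [(rights, sid) for typ, _flags, rights, sid in ACE_RE.findall(m.group(2)) if typ == "D"]


def evaluate(event):
    """Approximate the rule: PowerShell image AND Set-Service AND an SDDL argument.
    Deny ACEs are reported because denied read/enumerate access is what keeps a
    service out of the listings that sc.exe and Get-Service produce."""
    image = event.get("Image", "").lower()
    cmd = event.get("CommandLine", "")
    if not image.endswith(POWERSHELL_IMAGES) or "set-service" not in cmd.lower():
        return {"match": False, "deny_aces": []}
    m = SDDL_ARG_RE.search(cmd)
    if not m:
        return {"match": False, "deny_aces": []}
    return {"match": True, "sddl": m.group(1), "deny_aces": deny_aces(m.group(1))}


if __name__ == "__main__":
    for ev in EVENTS:
        print(evaluate(ev), "<-", ev["CommandLine"])
```

Only the first event matches; the second is the routine start-type change that the rule's false-positive note refers to, and the third fails the image check.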
Categories
  • Windows
Data Sources
  • Process
Created: 2022-10-17